* [Buildroot] [PATCH 1/1] package/apr-util: security bump to version 1.6.3
@ 2023-02-13 18:13 Fabrice Fontaine
2023-02-14 17:13 ` Peter Korsgaard
2023-03-04 9:03 ` Peter Korsgaard
0 siblings, 2 replies; 3+ messages in thread
From: Fabrice Fontaine @ 2023-02-13 18:13 UTC (permalink / raw)
To: buildroot; +Cc: Bernd Kuhls, Fabrice Fontaine
*) SECURITY: CVE-2022-25147 (cve.mitre.org)
Integer Overflow or Wraparound vulnerability in apr_base64 functions
of Apache Portable Runtime Utility (APR-util) allows an attacker to
write beyond bounds of a buffer.
https://downloads.apache.org/apr/Announcement-aprutil-1.x.html
https://downloads.apache.org/apr/CHANGES-APR-UTIL-1.6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
package/apr-util/apr-util.hash | 4 ++--
package/apr-util/apr-util.mk | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/package/apr-util/apr-util.hash b/package/apr-util/apr-util.hash
index 59ef590109..7e2793cd77 100644
--- a/package/apr-util/apr-util.hash
+++ b/package/apr-util/apr-util.hash
@@ -1,4 +1,4 @@
-# From http://www.apache.org/dist/apr/apr-util-1.6.1.tar.bz2.sha256
-sha256 d3e12f7b6ad12687572a3a39475545a072608f4ba03a6ce8a3778f607dd0035b apr-util-1.6.1.tar.bz2
+# From http://www.apache.org/dist/apr/apr-util-1.6.3.tar.bz2.sha256
+sha256 a41076e3710746326c3945042994ad9a4fcac0ce0277dd8fea076fec3c9772b5 apr-util-1.6.3.tar.bz2
# Locally calculated
sha256 ef5609d18601645ad6fe22c6c122094be40e976725c1d0490778abacc836e7a2 LICENSE
diff --git a/package/apr-util/apr-util.mk b/package/apr-util/apr-util.mk
index fb0735f5e7..02b6d5e277 100644
--- a/package/apr-util/apr-util.mk
+++ b/package/apr-util/apr-util.mk
@@ -4,7 +4,7 @@
#
################################################################################
-APR_UTIL_VERSION = 1.6.1
+APR_UTIL_VERSION = 1.6.3
APR_UTIL_SOURCE = apr-util-$(APR_UTIL_VERSION).tar.bz2
APR_UTIL_SITE = https://archive.apache.org/dist/apr
APR_UTIL_LICENSE = Apache-2.0
--
2.39.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/apr-util: security bump to version 1.6.3
2023-02-13 18:13 [Buildroot] [PATCH 1/1] package/apr-util: security bump to version 1.6.3 Fabrice Fontaine
@ 2023-02-14 17:13 ` Peter Korsgaard
2023-03-04 9:03 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2023-02-14 17:13 UTC (permalink / raw)
To: Fabrice Fontaine; +Cc: Bernd Kuhls, buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> *) SECURITY: CVE-2022-25147 (cve.mitre.org)
> Integer Overflow or Wraparound vulnerability in apr_base64 functions
> of Apache Portable Runtime Utility (APR-util) allows an attacker to
> write beyond bounds of a buffer.
> https://downloads.apache.org/apr/Announcement-aprutil-1.x.html
> https://downloads.apache.org/apr/CHANGES-APR-UTIL-1.6
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/apr-util: security bump to version 1.6.3
2023-02-13 18:13 [Buildroot] [PATCH 1/1] package/apr-util: security bump to version 1.6.3 Fabrice Fontaine
2023-02-14 17:13 ` Peter Korsgaard
@ 2023-03-04 9:03 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2023-03-04 9:03 UTC (permalink / raw)
To: Fabrice Fontaine; +Cc: Bernd Kuhls, buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> *) SECURITY: CVE-2022-25147 (cve.mitre.org)
> Integer Overflow or Wraparound vulnerability in apr_base64 functions
> of Apache Portable Runtime Utility (APR-util) allows an attacker to
> write beyond bounds of a buffer.
> https://downloads.apache.org/apr/Announcement-aprutil-1.x.html
> https://downloads.apache.org/apr/CHANGES-APR-UTIL-1.6
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed to 2022.11.x and 2022.02.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-03-04 9:03 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-02-13 18:13 [Buildroot] [PATCH 1/1] package/apr-util: security bump to version 1.6.3 Fabrice Fontaine
2023-02-14 17:13 ` Peter Korsgaard
2023-03-04 9:03 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.